[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 5 08:21:53 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
806812c4 by Salvatore Bonaccorso at 2022-11-05T09:21:28+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5813,27 +5813,27 @@ CVE-2022-43574 ("IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4,
CVE-2022-43573
RESERVED
CVE-2022-43572 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43571 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...)
NOT-FOR-US: Splunk Enterprise
CVE-2022-43570 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43569 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43568 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View a ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43567 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43566 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43565 (In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43564 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43563 (In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43562 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk E ...)
- TODO: check
+ NOT-FOR-US: Splunk Enterprise
CVE-2022-43561 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote ...)
NOT-FOR-US: Splunk Enterprise
CVE-2022-43560
@@ -10700,17 +10700,17 @@ CVE-2022-41673
CVE-2022-41672 (In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn' ...)
- airflow <itp> (bug #819700)
CVE-2022-41671 (A CWE-89: Improper Neutralization of Special Elements used in SQL Comm ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41670 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41669 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41668 (A CWE-704: Incorrect Project Conversion vulnerability exists that allo ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41667 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...)
- TODO: check
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE
CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V ...)
NOT-FOR-US: Siemens
CVE-2022-41664
@@ -16185,7 +16185,7 @@ CVE-2022-39386
CVE-2022-39385
RESERVED
CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
- TODO: check
+ NOT-FOR-US: OpenZeppelin
CVE-2022-39383
RESERVED
CVE-2022-39382 (Keystone is a headless CMS for Node.js — built with GraphQL and ...)
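Review bot: CVE-2022-39384 is described as a library ("OpenZeppelin Contracts is a library for secure smart contract developm ..."), so the NOT-FOR-US tag holds only if no packaged source carries a vendored copy of it. For library CVEs it helps to say in the commit message that embedded copies were searched for, since "Process some NFUs" does not record that. The tag could also use the full product name from the description, "OpenZeppelin Contracts", rather than "OpenZeppelin".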
@@ -16686,7 +16686,7 @@ CVE-2022-3097 (The LBStopAttack WordPress plugin through 1.1.2 does not use nonc
CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low ...)
NOT-FOR-US: WordPress plugin
CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...)
- TODO: check
+ NOT-FOR-US: Dart language (different from src:dart)
CVE-2022-3094
RESERVED
CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in HelpSystems C ...)
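Review bot: on CVE-2022-3095 the qualifier "(different from src:dart)" carries the whole justification for the NFU, and it is the only entry in this commit where the upstream name matches a source package name. The qualifier itself is good practice; the commit message gives no hint that a name clash was examined, so a short mention there would make the decision easier to find later.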
@@ -17170,15 +17170,15 @@ CVE-2022-39022 (U-Office Force Download function has a path traversal vulnerabil
CVE-2022-39021 (U-Office Force login function has an Open Redirect vulnerability. An u ...)
NOT-FOR-US: U-Office Force
CVE-2022-39020 (Multiple instances of XSS (stored and reflected) was found in the appl ...)
- TODO: check
+ NOT-FOR-US: Schoolbox
CVE-2022-39019 (Broken access controls on PDFtron WebviewerUI in M-Files Hubshare befo ...)
- TODO: check
+ NOT-FOR-US: M-Files Hubshare
CVE-2022-39018 (Broken access controls on PDFtron data in M-Files Hubshare before 3.3. ...)
- TODO: check
+ NOT-FOR-US: M-Files Hubshare
CVE-2022-39017 (Improper input validation and output encoding in all comments fields, ...)
- TODO: check
+ NOT-FOR-US: M-Files Hubshare
CVE-2022-39016 (Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 al ...)
- TODO: check
+ NOT-FOR-US: M-Files Hubshare
CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated atta ...)
NOT-FOR-US: Mailform Pro CGI
CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...)
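Review bot: CVE-2022-39020 is tagged "NOT-FOR-US: Schoolbox", but the description as shown ("Multiple instances of XSS (stored and reflected) was found in the appl ...") is cut off before any product name, so the attribution cannot be checked from this diff. The same applies to CVE-2022-39017 ("Improper input validation and output encoding in all comments fields, ..."), tagged M-Files Hubshare. Both are worth confirming against the full CVE text. Separately, CVE-2022-39019, CVE-2022-39018 and CVE-2022-39016 locate the flaw in PDFtron as used in M-Files Hubshare; the tag names only Hubshare, which is fine if the issue is in the integration rather than in the PDFtron component itself.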
@@ -18323,9 +18323,9 @@ CVE-2022-38663 (Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.
CVE-2022-38662
RESERVED
CVE-2022-38661 (HCL Workload Automation could allow a local user to overwrite key syst ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38660 (HCL XPages applications are susceptible to a Cross Site Request Forger ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38659
RESERVED
CVE-2022-38658
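Review bot: the tag on CVE-2022-38661 and CVE-2022-38660 is the vendor name only ("NOT-FOR-US: HCL"), while the descriptions name different products (HCL Workload Automation, HCL XPages) and other entries in this commit are tagged at product level, for example "NOT-FOR-US: M-Files Hubshare". Naming the product in the tag would make later searches of data/CVE/list more precise and keep the commit consistent with itself.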
@@ -18333,11 +18333,11 @@ CVE-2022-38658
CVE-2022-38657
RESERVED
CVE-2022-38656 (HCL Commerce, when using Elasticsearch, can allow a remote attacker to ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38655
RESERVED
CVE-2022-38654 (HCL Domino is susceptible to an information disclosure vulnerability. ...)
- TODO: check
+ NOT-FOR-US: HCL
CVE-2022-38653
RESERVED
CVE-2022-38652
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/806812c4c965dbbbe89c91eaf96e409a6e4002f5